Request a demo
Request a demo

A secure experience engineered for growth

Your data security and privacy are a top priority for BetterUp and we value the trust that you place in our platform offerings.


Enterprise-Grade Security

Security and Privacy are at the center of how we continue to enhance customer trust, and BetterUp invests heavily to protect the confidentiality, integrity, availability, security, and privacy of customer data. BetterUp continuously assesses and implements additional measures to help improve our security program and address the ever-changing threat landscape.

Best in Class Tone at the Top BetterUp has an active Information Security Committee ISC in place. The Executive leadership and the BetterUp Board is provided with periodic updates on the overall security threats, hygiene, and maturity of the Information Security Program.
Best in Class Security Certification BetterUp holds an ISO 27001 certification and SOC 2 Type II report. We continue our pursuit to improve and achieve robust industry accreditations/ certifications.
Robust Shared Security Model BetterUp uses the AWS US regions with multiple availability zones (Multi-Az) model. The production environment is managed by Heroku, a Salesforce company. Heroku’s managed PaaS includes a Web Application Firewall (WAF) in a private space (aka micro-segment). AWS and Heroku's have several security and privacy certifications including SOC 2 Type II and ISO 27001.

Certifications, standards & regulations

Protecting your company and employee data is our top priority. We earn your trust every day by complying with international privacy, security, and confidentiality protocols, regulations, and requirements.

SOC 2 Type II
SOC 2 Type II
ISO 27001
Risk Intelligent Program
The risk-driven Information Security Program includes administrative, technical, and physical safeguards to align with applicable requirements, standards, and best practices.
Suite of Security Safeguards
BetterUp maintains a comprehensive suite of information security policies that is regularly reviewed, updated, and approved on a predefined schedule.
Dedicated Team
BetterUp has a dedicated Information Security team to ensure BetterUp products and customer data are protected.

Risk management: the foundation of BetterUp's security

Risk management serves as the foundation of BetterUp’s Information Security Program. BetterUp conducts industry-standard security risk assessments periodically to identify, analyze, monitor, and respond to risk.

Our multi-faceted approach also includes using multiple sources of input such as vulnerability assessments, penetration testing, and other forms of security review to capture the holistic state of our security posture.

Risk treatments are strategically planned and prioritized with key stakeholders to ensure alignment with security and business objectives. Cross-functional collaboration with the ISC is integral in the review and management of information security risk.


Program governance

BetterUp’s Information Security Committee (ISC) is a governing body consisting of cross-functional management representatives at BetterUp. The ISC meets on a regular basis to advise, prioritize, and enable the Information Security Program.

People Security
Processes and policies are in place to ensure the security of our personnel throughout their BetterUp journey.
Data Security
Keeping your data secure and private is a top priority at BetterUp. We follow global security and privacy principles in the design of our products that safeguard your data.
Secure Development
BetterUp uses secure coding standards and practices that supports the principles of agile development.
Monitoring & Response
Monitoring mechanisms and response procedures are managed to enable awareness and resilience in the face of security threats.
Penetration Testing
Independent penetration testing and automated testing in our secure development practices are conducted to enable the identification and mitigation of vulnerabilities.
Explore our Frequently Asked Questions section for answers and details to some of our customers' common inquiries.

People security

Data security

Secure development lifecycle (SDL)

Security monitoring & response

Penetration testing


Initial onboarding & data load

Data protection

Access controls

Security logging & monitoring

People security

Vulnerability management

Security incident response

Business continuity management

Mobile app security

Endpoint security

Encryption key management

Third-party risk management

Service level agreements (SLAs)